[
https://issues.apache.org/jira/browse/HDFS-14017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16678668#comment-16678668
]
Chen Liang edited comment on HDFS-14017 at 11/7/18 7:22 PM:
------------------------------------------------------------
Hmm...I don't see why it does not work, as long as both nn1 and nn2 shows up in
{{dfs.namenode.rpc-address.\*.\*}} configs, there will be two proxies created,
and client should be able to find them. I did a quick check in the test
cluster, seemed to work, although it was checking from command line and won't
tell about DT.
I agree that with all the {{dfs.namenode.rpc-address}} configs we have all
information. In fact, in current patch, the call to
{{DFSUtilClient.getAddresses(...)}} is already getting ALL the host physical
addresses for ALL the nameservices. All these addresses will have proxies
created and DT cloned. The issue I had was that, it may not be true that all
these addresses should be considered (and clone DT for) in case of federation.
Probably should be based on different {{fs.defaultFS}}, which is what
IPFailover is largely relying on, maybe only a subset should be checked. This
is what I meant by the need to tie fs.defaultFS to some name service/physical
address. And this, needs to be answered under the context of how IPFailover
should work with Federation.
was (Author: vagarychen):
Hmm...I don't see it does not work, as long as both nn1 and nn2 shows up in
{{dfs.namenode.rpc-address.\*.\*}} configs, there will be two proxies created,
and client should be able to find them. I did a quick in the test cluster, seem
to worked, although it was checking from command line and won't tell about DT.
I agree that with all the {{dfs.namenode.rpc-address}} configs we have all
information. In fact, in current patch, the call to
{{DFSUtilClient.getAddresses(...)}} is already getting ALL the host physical
addresses for ALL the nameservices. All these addresses will have proxies
created and DT cloned. The issue I had was that, it may not be true that all
these addresses should be considered (and clone DT for) in case of federation.
Probably should be based on different {{fs.defaultFS}}, which is what
IPFailover is largely relying on, maybe only a subset should be checked. This
is what I meant by the need to tie fs.defaultFS to some name service/physical
address. And this, needs to be answered under the context of how IPFailover
should work with Federation.
> ObserverReadProxyProviderWithIPFailover should work with HA configuration
> -------------------------------------------------------------------------
>
> Key: HDFS-14017
> URL: https://issues.apache.org/jira/browse/HDFS-14017
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Reporter: Chen Liang
> Assignee: Chen Liang
> Priority: Major
> Attachments: HDFS-14017-HDFS-12943.001.patch,
> HDFS-14017-HDFS-12943.002.patch, HDFS-14017-HDFS-12943.003.patch,
> HDFS-14017-HDFS-12943.004.patch, HDFS-14017-HDFS-12943.005.patch
>
>
> Currently {{ObserverReadProxyProviderWithIPFailover}} extends
> {{ObserverReadProxyProvider}}, and the only difference is changing the proxy
> factory to use {{IPFailoverProxyProvider}}. However this is not enough
> because when calling constructor of {{ObserverReadProxyProvider}} in
> super(...), the follow line:
> {code:java}
> nameNodeProxies = getProxyAddresses(uri,
> HdfsClientConfigKeys.DFS_NAMENODE_RPC_ADDRESS_KEY);
> {code}
> will try to resolve the all configured NN addresses to do configured
> failover. But in the case of IPFailover, this does not really apply.
>
> A second issue closely related is about delegation token. For example, in
> current IPFailover setup, say we have a virtual host nn.xyz.com, which points
> to either of two physical nodes nn1.xyz.com or nn2.xyz.com. In current HDFS,
> there is always only one DT being exchanged, which has hostname nn.xyz.com.
> Server only issues this DT, and client only knows the host nn.xyz.com, so all
> is good. But in Observer read, even with IPFailover, the client will no
> longer contacting nn.xyz.com, but will actively reaching to nn1.xyz.com and
> nn2.xyz.com. During this process, current code will look for DT associated
> with hostname nn1.xyz.com or nn2.xyz.com, which is different from the DT
> given by NN. causing Token authentication to fail. This happens in
> {{AbstractDelegationTokenSelector#selectToken}}. New IPFailover proxy
> provider will need to resolve this as well.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
